The built-in anti-DDoS of lsws or lslb is effective in practice and efficient against HTTP-level DoS or DDoS. It prevents one IP from establishing too many valid TCP connections, making too many requests, or consuming too much bandwidth, so it's OK for defending against small-scale attacks. Also, it doesn't take care of other types of attacks, for example UDP flooding, TCP SYN flooding, too many TCP connections for FTP, SSH, etc.

The proxy DoS service, on the other hand, takes care of all types of attacks (UDP, SYN flooding, etc.) and also includes the above HTTP-level protections. It's mainly used for anti-DDoS; for normal traffic, it only does proxying and does not serve static and dynamic HTTP requests directly (which the web server will do).

For very large-scale DDoS, for example 10G+ bps of incoming traffic, the lsws built-in anti-DDoS feature won't work, since it'll exceed a 1G bps NIC's capability. One 10G-port proxy DoS service can't sustain it either. It depends on the proxy DoS service's scalability and the size of the attacks.

It's still in the experimental stage ... no ETA yet. But it has been in service for some time and has succeeded in mitigating some small-scale attacks.

Yes, it's a good combination: the web server defends against HTTP attacks and the firewall takes care of the rest. The built-in anti-DDoS feature of lsws or lslb is accurate and efficient against HTTP-level attacks. Yes, there is no difference between the anti-DDoS features of lsws and lslb.
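The three per-IP limits named in the post above (connections, requests, bandwidth) can be modelled as follows. This is an added example, not part of the original post and not LiteSpeed's code; the class, the limit values and the sample events are assumptions. The model only ever sees completed TCP connections and HTTP requests, so UDP and SYN floods never reach it.

```python
from collections import defaultdict

class PerIPThrottle:
    """Simplified per-IP limiter; the limit values are assumptions, not LSWS defaults."""
    def __init__(self, max_conns=3, max_req_per_sec=5, max_bytes_per_sec=10_000):
        self.max_conns, self.max_req, self.max_bytes = max_conns, max_req_per_sec, max_bytes_per_sec
        self.conns = defaultdict(int)   # ip -> currently open TCP connections
        self.window = {}                # ip -> [second, requests, bytes] for the current second

    def on_connect(self, ip):
        if self.conns[ip] >= self.max_conns:
            return "reject:connections"
        self.conns[ip] += 1
        return "accept"

    def on_close(self, ip):
        self.conns[ip] = max(0, self.conns[ip] - 1)
        return "closed"

    def on_request(self, ip, now, size):
        sec = int(now)
        w = self.window.get(ip)
        if w is None or w[0] != sec:    # a new one-second window resets both counters
            w = self.window[ip] = [sec, 0, 0]
        if w[1] + 1 > self.max_req:
            return "reject:requests"
        if w[2] + size > self.max_bytes:
            return "reject:bandwidth"
        w[1] += 1
        w[2] += size
        return "accept"

def replay(events, throttle):
    """Feed (kind, ip, time, bytes) events through the limiter and collect its decisions."""
    handlers = {"connect": lambda e: throttle.on_connect(e[1]),
                "close": lambda e: throttle.on_close(e[1]),
                "request": lambda e: throttle.on_request(e[1], e[2], e[3])}
    return [(e[1], handlers[e[0]](e)) for e in events]

NOISY, QUIET = "198.51.100.7", "203.0.113.9"   # constructed documentation addresses
SAMPLE_EVENTS = (                               # constructed traffic, not a real capture
    [("connect", NOISY, 0.0, 0)] * 4            # fourth connection exceeds max_conns
    + [("request", NOISY, 1.0 + i / 10, 100) for i in range(6)]   # sixth exceeds req/sec
    + [("request", NOISY, 2.0, 20_000)]         # one response over the byte budget
    + [("connect", QUIET, 1.0, 0), ("request", QUIET, 1.2, 500)]
)

if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_EVENTS, PerIPThrottle()):
        print(ip, decision)
```

The well-behaved client is accepted throughout while the noisy one is cut off on each limit in turn, which is the per-IP accuracy the post describes.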